QwikSec

Security Database

CVE

CWE

Training

CVE-2023-32758

Published: May 15, 2023

Modified: Jan 23, 2025

PUBLISHED

Description

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/coala/git-url-parse/blob/master/giturlparse/parser.py#L53

https://pypi.org/project/git-url-parse

https://github.com/returntocorp/semgrep/pull/7611

https://github.com/returntocorp/semgrep/pull/7955

https://github.com/returntocorp/semgrep/pull/7943

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.